############################## | UsbFix V 7.165 | [Suppression]

Utilisateur: Killer_VirusFr (Administrateur) # KILLERVIRUSFR
Mis à jour le 20/02/2014 par El Desaparecido - Team SosVirus
Lancé à 16:13:59 | 22/02/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Oracle Corporation (VirtualBox)
CPU: AMD Phenom(tm) II X6 1075T Processor
RAM -> [Total : 3583 Mo| Free : 3311 Mo]
Bios: innotek GmbH
Boot: Normal boot
OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 6.0.2900.5512
SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 10 Go (6 Go libre(s) - 63%) [] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 404 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 608 |ParentID: 404)
C:\WINDOWS\system32\services.exe (ID: 652 |ParentID: 608)
C:\WINDOWS\system32\lsass.exe (ID: 664 |ParentID: 608)
C:\WINDOWS\system32\VBoxService.exe (ID: 820 |ParentID: 652)
C:\WINDOWS\system32\svchost.exe (ID: 864 |ParentID: 652)
C:\WINDOWS\System32\svchost.exe (ID: 1044 |ParentID: 652)
C:\WINDOWS\system32\spoolsv.exe (ID: 1524 |ParentID: 652)
C:\WINDOWS\explorer.exe (ID: 1532 |ParentID: 1460)
C:\WINDOWS\system32\svchost.exe (ID: 1624 |ParentID: 1612)
C:\WINDOWS\system32\svchost.exe (ID: 1636 |ParentID: 1612)
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe (ID: 828 |ParentID: 1044)

################## | Regedit Run |

04 - HKCU\..\Run : [HKCU] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\Run : [antaw4r19] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe
04 - HKCU\..\Run : [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe
04 - HKCU\..\Run : [asaba3tsh] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
04 - HKCU\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKCU\..\Run : [GVideo]
04 - HKCU\..\Run : [SkypeMS]
04 - HKCU\..\Run : [LoftWare]
04 - HKCU\..\Run : [IntelService] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe"
04 - HKCU\..\Run : [Kydixirina] "C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe"
04 - HKCU\..\Run : [VanToM] C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe
04 - HKCU\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKCU\..\Run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKCU\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKCU\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKCU\..\Run : [+obOwJbRAzd34AXM] "C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe"
04 - HKCU\..\Run : [Ipaxp] "C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe"
04 - HKCU\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKCU\..\Run : [loh] C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
04 - HKCU\..\Run : [ewewew] C:\Documents and Settings\Killer_VirusFr\Application Data\Stub.exe
04 - HKCU\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKCU\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\RunOnce : [4gr75b2k2] C:\DOCUME~1\KILLER~1\4gr75b2k2\54402.vbs
04 - HKCU\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKCU\..\Policies\Explorer\run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKLM\..\Run : [VBoxTray] C:\WINDOWS\system32\VBoxTray.exe
04 - HKLM\..\Run : [HKLM] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKLM\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKLM\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKLM\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKLM\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKLM\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [HKCU] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [antaw4r19] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [asaba3tsh] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [GVideo]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [SkypeMS]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [LoftWare]
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [IntelService] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Kydixirina] "C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [VanToM] C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [b6b14442eb327de390e5ed1e983e5ab0] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Facebook Update] %APPDATA%\Microsoft\update.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [f7a74ce8d62a827374f896562655303d] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [+obOwJbRAzd34AXM] "C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [Ipaxp] "C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe"
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [378d21732268e1971ca57e15bd4a5ad9] "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [loh] C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [ewewew] C:\Documents and Settings\Killer_VirusFr\Application Data\Stub.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Run : [33a02ce3a6dc322bc7e588c3c6d40f38] "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" ..
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\RunOnce : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\RunOnce : [4gr75b2k2] C:\DOCUME~1\KILLER~1\4gr75b2k2\54402.vbs
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Policies\Explorer\run : [svchost] C:\WINDOWS\WIN 7\HACKO.exe
04 - HKU\S-1-5-21-1614895754-1708537768-839522115-1003\..\Policies\Explorer\run : [Facebook Update] %APPDATA%\Microsoft\update.exe

################## | Recherche générique |

Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\1.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\33a02ce3a6dc322bc7e588c3c6d40f38.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\378d21732268e1971ca57e15bd4a5ad9.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\b6b14442eb327de390e5ed1e983e5ab0.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\svchost.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\Trojan.exe
Supprimé! C:\WINDOWS\svchost.com
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\torjan.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\torjan.exe.tmp
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\Trojan.exe.tmp
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\fast.exe.log
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\VanToM.exe.log
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe
Supprimé! C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
Supprimé! C:\WINDOWS\WIN 7\HACKO.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\dclogs
Supprimé! C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\Update.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\65604959882.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\server.exe
Supprimé! C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\WINDOWSFORMSAPPLICATION1.EXE
Supprimé! C:\WINDOWS\directx.sys
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-11820146
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-5681
Supprimé! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-839714475
Supprimé! C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\ASIS.exe
Supprimé! C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Dex.exe
(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU|di
Supprimé! HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKCU\Software\33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKCU\Software\DC3_FEXEC
Supprimé! HKCU\Software\VB and VBA Program Settings\INSTALL
Supprimé! HKCU\Software\VB and VBA Program Settings\SrvID
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Réparé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions -> 0
Réparé ! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 0
Réparé ! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 0
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr -> 0
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|antaw4r19
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|HKCU
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|MicroUpdate
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce|svchost
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|loh
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0
Supprimé! HKU\S-1-5-21-1614895754-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run|asaba3tsh

################## | UsbFix - Information |

UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
Si vous avez effectué des achats sur internet, veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.
Info (Fr) : http://www.sosvirus.net/infection-dinihou-vous-explique-son-fonctionnement-t4852.html
Info (Fr) : http://www.sosvirus.net/les-infections-via-usb-t4948.html

################## | Listing |

[19/12/2013 - 19:43:56 | D] - C:\00b2e9e784ad6a262a
[19/12/2013 - 19:46:19 | D] - C:\297f945e881f7dff6e9b
[22/09/2012 - 09:52:41 | A | 0 Ko] - C:\AUTOEXEC.BAT
[08/02/2014 - 11:25:24 | N | 0 Ko] - C:\Boot.bak
[08/02/2014 - 12:25:05 | RAH | 0 Ko] - C:\boot.ini
[02/03/2006 - 12:00:00 | N | 5 Ko] - C:\Bootfont.bin
[08/02/2014 - 12:07:41 | D] - C:\cmdcons
[03/08/2004 - 23:00:08 | N | 257 Ko] - C:\cmldr
[19/12/2013 - 19:49:14 | D] - C:\Config.Msi
[22/09/2012 - 09:52:41 | N | 0 Ko] - C:\CONFIG.SYS
[22/09/2012 - 10:07:32 | D] - C:\Documents and Settings
[22/09/2012 - 09:52:41 | RASH | 0 Ko] - C:\IO.SYS
[22/09/2012 - 09:52:41 | RASH | 0 Ko] - C:\MSDOS.SYS
[13/04/2008 - 07:43:04 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[13/04/2008 - 09:31:52 | RASH | 246 Ko] - C:\ntldr
[22/02/2014 - 16:13:29 | ASH | 786432 Ko] - C:\pagefile.sys
[15/02/2014 - 15:14:34 | D] - C:\Program Files
[22/02/2014 - 16:14:21 | SHD] - C:\RECYCLER
[08/02/2014 - 12:23:34 | SHD] - C:\System Volume Information
[22/02/2014 - 16:12:52 | D] - C:\UsbFix
[22/02/2014 - 16:14:25 | A | 15 Ko | 3FA099B2832AECF7CC7072FA9B653C70] - C:\UsbFix [Clean 2] KILLERVIRUSFR.txt
[22/02/2014 - 16:14:21 | D] - C:\WINDOWS
[15/02/2014 - 15:14:10 | D] - C:\{$6975-5712-2121-7619$}

################## | Vaccin |

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |